Guest Column | January 27, 2014

Avoid These 6 Common PCI Compliance Mistakes

By Greg Griffiths, VP of Retail Solutions, EarthLink Business

In the wake of the recent Target breach, many retailers are taking a fresh look at the data security measures they have in place. Those that aren't should be: it is now well known that the attacks are likely far more widespread than originally reported, because the point-of-sale malware used against Target was sold publicly over the Internet. And while retail giants get the lion's share of media coverage, retailers of all shapes and sizes are vulnerable. According to Visa, 97 percent of U.S. card-data compromise events occurred at small merchants, and 91 percent of those were brick-and-mortar merchants.

As recent events show, merchants often underestimate the financial impact of a breach. The average direct cost is estimated at $80,000 per location for Level 4 merchants (the smallest merchant tier), and can reach into the millions for more extensive breaches at large merchants. Direct costs include mandatory forensic audits, card replacement, fees and fines; they do not include the potentially significant revenue loss that follows damage to brand and reputation.

Nearly every breach will be the result of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). Compliance with PCI DSS doesn't guarantee that a retailer won't be a victim, but it significantly reduces the associated cost and risk. Attackers move on to easier targets, the merchant's validation level is preserved (a breached merchant can otherwise be escalated to a higher, more demanding tier), and remediation is faster and far less costly for merchants that can show proof of the required assessments and vulnerability scans.